WordPress 4.9.3 was released on February 5 and included several bugfixes. The next day, WordPress 4.9.4 was released to fix a "severe bug" in the previous day's bugfix. If your WordPress website was automatically updated to version 4.9.3, you must manually update your website to version 4.9.4, otherwise your website will never automatically update again. If you don't know how to do that, it's time to call your webhost or developer! And you may have to part with some of your hard-earned money!
However… if your website was developed and maintained by All-In Web Services, your website was updated within a few hours after these WordPress maintenance releases rolled out. We've got you covered! And we will continue to keep your website running the latest, most secure version of WordPress.
Wordfence has more information here.
News was released in the past couple of days about two computer vulnerabilities that affects just about all computers (including tablets and smartphones) made in the past twenty years. Yes, you read that correctly!
One security website says, “Both of these vulnerabilities are hardware level vulnerabilities that exist because of a flaw in CPU architecture. They are very serious vulnerabilities because they are operating system and software independent. The long term fix for both of these issues will require that CPU makers change the way their chips work, which means redesigning and releasing new chips.” (see the link at the end of this post for more information about the Meltdown and Spectre Vulnerabilities.
Malicious hackers could use the vulnerability to access private information inside your computer. The vulnerability can be exploited if you simply visit an infected website that downloads a malicious file to your computer.
CPU chip manufacturers (Intel, ARM, etc) are working diligently to close this major security flaw. AMD, an Intel competitor claims their CPUs are not affected.
So what should you do?
Most of these recommendations are good “best practices” you should already be doing.
- First of all, make sure that your computer Operating System (Windows, OS X, Linux, Android, etc.) is up-to-date. You may have to manually install an update because some antivirus software may not allow the automatic update to download and install.
- Make sure that your antivirus and security software is up-to-date.
- Make sure that your internet browser software (Microsoft Edge, Google Chrome, Mozilla Firefox, Opera, Safari, etc.
- Discontinue Internet Explorer if you are still using it for accessing the Internet. Instead, use one of these other browsers because Microsoft has discontinued support for IE.
- Make sure that you have good backups of important files (documents, financial information, passwords, pictures, etc.).
- Update any hardware firmware updates that your computer manufacturer releases.
- Be extra vigilent and cautious about clicking links in your email. Before clicking on a link in an email, even if it appears to come from a friend or financial institution, hover your mouse over the sender’s email address and make sure that the link is the same as the actual sender’s email address. Also, hover over the link and look at the bottom of your screen on the status bar to see where the link is pointing. Or just pick up the phone and verify that it is a valid link.
Again, these are very serious vulnerabilities and affect almost all computers made in the past twenty years. Don’t panic, but be careful.
For more information:
I have often sung the praises of the LastPass Password Manager. Off the top of my head, I only know a couple of passwords for all of the websites that I access. And each website I visit has a different password. Instead of trying to keep up with a book or sticky notes where I have written all of my passwords, I simply use LastPass to manage all of it for me. Most of my websites allow me to have LastPass populate the login credentials for each website I access. And if I’m asked for a “strong password” when I sign up for a new service or website, LastPass is right there at my digital fingertips, ready to produce a strong password of any length of characters with letters, numbers, capitals, and symbols.
Unlike many other password managers, LastPass has a proprietary way of storing my information on their servers that can only be accessed with my LastPass password, so no one can steal my passwords … even if they were to be able to hack into LastPass’s main database. If I have logged out of the LastPass Extension on my browser, no one access my passwords and secure notes, even if they have my computer. Or phone. Or tablet. My master password unlocks the encrypted password vault online. The bottom line is that I love the way that technology can help me with technology.
Unfortunately, LastPass has been in the headlines recently. The most disturbing one appeared just moments ago. Evidently, there is a major security flaw in the software. According to the story, LastPass is recommending that users alter the way they are using their password manager: Disable the browser extension and use the LastPass Vault to access the websites rather than going directly to a webpage to use the self-populating features of the plugin.
Yes, this is serious business. Even if you don’t think you have anything important to hide, your personal privacy and identity is something worth protecting (take it from someone whose identity has been compromised by someone who used my credit card information to make a few purchases).
I still believe that LastPass is the best solution for managing all those passwords. But for the time being, I’m going to be a little more careful in the way I use it. You should too!
It’s August 18, 2016 and as promised, the fine people who produce WordPress have released the newest version of the platform. There are a few new bells and whistles, most of which will go unnoticed by website visitors. However, website administrators will notice a few things in the “back end” of the Admin Panel.
If you are one of our clients, your website has already been updated and I have verified that your website continues to look good and function properly. If you notice strange behavior on your website over the next few days (or anytime actually), please don’t hesitate to contact us as soon as possible!
If you need a re-design or need new features, please let us know!
As a reminder, if you haven’t recently updated your passwords, please take a few minutes to do that now. If you’re struggling to keep up with all of your passwords, let me recommend LastPass; it’s a password manager that will help you to not only keep things straight, but it will even create those “strong passwords” some websites require (All websites should require them!).
A new WordPress update (4.5.3) was rolled out this morning. If you are one of our clients, your website has already been updated as part of our hosting maintenance agreement.
If you’re interested in learning what’s covered by this maintenance and security release, WordPress has released the documentation here.
A new version of WordPress Core is available (4.4).
If you have not already updated, please do so as soon as possible. Many WordPress hosting companies do not automatically update your WordPress Core, Plugin and Theme files. In addition, many hosts do not backup their clients’ files and databases. Before updating your WordPress website, remember to backup your database. While you’re at it, don’t forget to configure your WordPress installation to maintain periodic backups.
All of our clients have already been backed up and updates for WordPress Core, Plugins and Themes have been installed. You’re welcome!
Updating WordPress and Plugins is not included in most hosting packages!
This morning, a security update was released for the #WordPress Core. Several plugins were updated as well. Unless you updated your #WP core files and plugins, your website is vulnerable to attack!
All of our clients’ websites were updated within minutes of today’s announced release.
Staying up-to-date with WordPress is your responsibility!
Don’t gamble with the #security of your #WordPress website! Go All-In and let us protect your website from hackers!
To learn more about today’s security release, see this news release.
Is your website ready for Google’s new search algorithm?
If not, where your website appears in the listing of search results may suffer!
What is Google’s pagerank algorithm?
Where your website appears when somebody searches for something relevant about your organization is known as pagerank. Everybody wants their website at the top of Google’s search results. But Google is very tight-lipped about what actually makes a website show up in the highest positions of search results. Because a variety of criteria is used to determine the order of the search results, when Google announces that it is making changes it’s important to take notice and adjust your website accordingly.
If someone in Tulsa, Oklahoma searches for “baptist churches”, they don’t care to see a list of Baptist Churches in Dallas, Texas. So Google presents relevant information by listing the Baptist Churches in Tulsa.
Mobile-friendliness (also called Responsive Website Design)
More than ever before, people are accessing the Internet with mobile devices (phones, tablets, etc.). How your website appears on these mobile devices can greatly affect its user-friendliness. In fact, your website may not be accessible at all when someone visits your website using a mobile device.
Beginning April 21, 2015, Google will also include “mobile-friendliness” to their search algorithm. What this means for you is that if you want your website to place as high as possible in Google’s pagerank, you need to ensure that your website is mobile-friendly.
Don’t gamble with Google’s upcoming changes!
Let All-In Web Services review your website for mobile-friendliness and relevance for better Search Engine Optimization (SEO).